Information Collection: DNS Information Collection with dnsenum

2025-03-09 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

dnsenum

dnsenum is a multi-threaded DNS information collection tool written in Perl. It can query a specified DNS server, supports subdomain brute-forcing, can be tuned for different network speeds, and its results can be imported into other tools. (Everyone online says it can be used to find non-contiguous IP ranges. What does that mean? I don't have the relevant knowledge yet; answers are welcome.)

Syntax: dnsenum.pl [Options]

Note: The brute-force switch -f is optional; when it is used, a dictionary file must be specified.

General options:

--dnsserver Use the specified DNS server for the A, NS and MX queries

--enum Shortcut option, equivalent to: --threads 5 -s 15 -w

-h, --help Show help information

--noreverse Do not perform reverse lookups

--nocolor Do not colorize the output

--private Display private IP addresses and save them to the domain_ips.txt file

--subfile Write valid subdomain names to the specified file

-t, --timeout Set the TCP and UDP connection timeout (default 10 seconds; adjust this on very slow or very fast networks)

--threads Specify the number of threads used to run the different queries

-v, --verbose Output detailed results (show everything)

Google scraping options (I can't connect to Google right now, so I'm skipping these for now):

-p, --pages The number of Google search pages to process when scraping names; the default is 5 pages, and the -s switch must be specified.

-s, --scrap The maximum number of subdomains that will be scraped from Google (default 15).

Brute-force options:

-f, --file Specify the subdomain dictionary file to use for brute-forcing

-u, --update Update the subdomain file specified by -f with valid subdomains. It takes one of the following values:

a (all) Use all results (valid, Google-scraped, reverse lookup, zone transfer) to update the subdomain dictionary file

g Update the specified file with the Google scraping results

r Update the specified file with the reverse lookup results

z Update the specified file with the zone transfer results

-r, --recursion Recursively brute-force all discovered subdomains that have NS records

Whois network range options:

-d, --delay Set the interval between two whois queries; the default is 3 seconds (the purpose of this option is to adjust the packet rate so that the tool runs as stably as possible)

-w, --whois Perform whois queries on the class C network ranges. **Warning**: This option generates a large amount of data, and the reverse lookups that follow take a long time.

Reverse lookup options:

-e, --exclude Exclude PTR records that match the specified regular expression from the reverse lookup results; useful for invalid host names

Output options:

-o, --output Write the results to an XML file that can be imported into the MagicTree tool

Practice 1: Query directly with dnsenum:

Practice 2: Using the DNS server discovered in the first query, query the class C range with multiple threads (idea: when *** a target, first discover the target's private DNS server, then direct the queries at that private DNS server; this often reveals the target's private information)

Practice 3: Use your own subdomain dictionary to brute-force the target's domain and subdomain names (idea: whether or not the second step succeeds, you should brute-force the target once in order to collect more information; if the second step did succeed, you can infer the target's naming rules from the extra information it returned, and then brute-force accordingly)
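Seen from the DNS operator's side, the dictionary brute-force in Practice 3 and the zone transfer attempts appear in query logs as a burst of distinct subdomain lookups that mostly fail, plus AXFR requests. The following is an added example, not part of the original article or of dnsenum: the log format, the thresholds, the zone name and the addresses are all constructed assumptions.

```python
"""Flag DNS clients whose queries look like dictionary subdomain brute-forcing."""
from collections import defaultdict

ZONE = "example.com"   # assumed zone being monitored
WINDOW = 60            # seconds per time bucket (assumed threshold)
MIN_NAMES = 8          # distinct names per bucket before alerting (assumed)
MIN_NX_RATIO = 0.7     # minimum share of NXDOMAIN answers (assumed)

def parse(line):
    """Parse 'epoch client qname qtype rcode' (constructed log format)."""
    ts, client, qname, qtype, rcode = line.split()
    return int(ts), client, qname.rstrip(".").lower(), qtype, rcode

def detect(lines, zone=ZONE):
    """Return {client: [reasons]} for brute-force bursts and AXFR requests."""
    buckets = defaultdict(lambda: {"names": set(), "nx": 0, "total": 0})
    alerts = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, client, qname, qtype, rcode = parse(line)
        if qname != zone and not qname.endswith("." + zone):
            continue  # query is for some other zone
        if qtype == "AXFR":
            alerts[client].append("zone transfer request for " + qname)
            continue
        b = buckets[(client, ts // WINDOW)]
        b["names"].add(qname)
        b["total"] += 1
        b["nx"] += rcode == "NXDOMAIN"
    for (client, _bucket), b in buckets.items():
        ratio = b["nx"] / b["total"]
        if len(b["names"]) >= MIN_NAMES and ratio >= MIN_NX_RATIO:
            alerts[client].append(
                f"{len(b['names'])} distinct names, {ratio:.0%} NXDOMAIN in one window")
    return dict(alerts)

# Constructed sample: 198.51.100.7 walks a wordlist, 192.0.2.10 is a normal client.
WORDS = ["admin", "dev", "ftp", "mail", "test", "vpn", "www", "stage", "db", "intranet"]
EXISTING = {"mail", "www"}
SAMPLE = [f"{1000 + i} 198.51.100.7 {w}.example.com A "
          f"{'NOERROR' if w in EXISTING else 'NXDOMAIN'}" for i, w in enumerate(WORDS)]
SAMPLE += ["1001 192.0.2.10 www.example.com A NOERROR",
           "1002 192.0.2.10 mail.example.com MX NOERROR",
           "1012 198.51.100.7 example.com AXFR REFUSED"]

if __name__ == "__main__":
    for client, reasons in detect(SAMPLE).items():
        print(client, reasons)
```

The thresholds need tuning against normal traffic for the zone, since resolvers shared by many users can also produce bursts of failed lookups.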

Summary:

During information collection you should gather as much information as possible. Collecting domain name information is a craft in its own right. You might take the domain name, scan it once with dnsenum and stop there. However, if the results of the first query show that the target has a private DNS server, querying it can often yield the other party's domain names, host addresses and other information.
